Are you being served? How cyber-crime-as-a-service works
What used to be the domain of skilled coders and elite hackers is now just a payment away, and Australians are increasingly in the crosshairs of a cyber-crime revolution.
Crime.
Crime never changes… Except, when it does, and right now the cyber-crime economy is undergoing an insidious transformation that first began in the early 2000s, but which is continuing to accelerate at pace, powered by new technologies like AI and a continuing belief among victims that it can never happen to them.
You’re out of free articles for this month
Hint: It most certainly can, and it most certainly will. If huge corporations like Qantas and Optus can fall prey to hackers seeking an easy payday, any business can.
According to AUCyber’s latest Cyber Threat Intelligence Report, cyber-crime-as-a-service, or CaaS, platforms are run very much like any other software-as-a-service or e-commerce operation. Would-be criminals can choose the service they wish, such as a particular info-stealer strain or ready-to-go phishing kit.
Once that choice is made, buyers can add custom features, such as geo-targeting or live support, before paying with cryptocurrency to maintain their anonymity. The buyer can then access sophisticated online portals or real-time dashboards to track the results of their digital crime spree.
“Vendors offer 24/7 support, tutorials, updates, and in some cases, affiliate programs to re-sell services,” AUCyber said.
“It does make you think, the line between cyber-crime and business has never been blurrier.”
Users of CaaS operations target Australian victims at every level of society. Individuals can be targeted by info-stealers or phishing kits, while small-to-medium enterprises are often targeted by business email compromise attacks, ransomware, and credential stuff. Even government is not immune, with CaaS campaigns targeting local councils and government agencies.
“Access brokers often sell credentials to Australian systems on darknet forums, increasing exposure to espionage and ransomware,” AUCyber said.
“These platforms make it easy for anyone to buy phishing kits, ransomware, credential stealers, or even direct access to hacked systems. It is cheap, scalable, and hard to trace, and Australians are regularly targeted because of our high digital adoption, trusted brand infrastructure, and predictable behaviours.”
Probably one of the most alarming aspects of the cyber-crime service economy is the low barrier to entry. For instance, a myGov login clone designed to steal credentials, complete with a control panel, sells for only $100. DDoS attacks can cost as little as $10 an hour, while remote desktop access to Australian businesses is commonly sold to the highest bidder on hacking forums on both the clear and dark webs.
“Whether it’s a fake myGov login page, stolen Medicare data, or ransomware hitting a small business, the tools are now in the hands of anyone willing to pay for them.”
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Click Here For The Original Source.
